Integer Overflow and Heap Buffer Overflow in libsixel by Saitoha
CVE-2026-33020

7.1 HIGH

Key Information:

Vendor

Saitoha

Status
Vendor
CVE Published:
14 April 2026

What is CVE-2026-33020?

The libsixel library, used to encode and decode SIXEL images, contains an integer overflow in its image conversion path. In sixel_frame_convert_to_rgb888(), the buffer for palettised input formats (PAL1, PAL2, PAL4) is sized with plain integer arithmetic on the image dimensions. For an image whose pixel count pushes that arithmetic past the integer's range, the product wraps: the buffer is allocated too small, and later pointer arithmetic on the wrapped value can yield a negative offset. An attacker can trigger the flaw by supplying a specially crafted, very large palettised PNG to any application that loads it through libsixel; the result is heap corruption and, typically, a crash of the victim's process. Heap corruption of this kind can in principle be leveraged toward arbitrary code execution, but note that the CVSS vector on this page is Local with user interaction required: the attacker has to get a victim to convert or view the crafted file, rather than reach the process over the network.
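The following is an added illustration of the bug class described above, not libsixel's own code: the function names (vulnerable_rgb888_bytes, safe_rgb888_bytes, pal_to_rgb888, sample_pixel_red), the MAX_PIXELS cap and the sample image data are this example's own assumptions. It places a naive int-based size computation beside a hardened one that multiplies in size_t with overflow detection and a policy cap, then shows a bounds-checked PAL1/PAL2/PAL4 to RGB888 expansion built on the safe size routine.

```c
/* Added example for CVE-2026-33020's bug class; not libsixel source.
 * Requires GCC or Clang for __builtin_mul_overflow.
 * Build: cc -std=c11 -O0 -Wall pal_overflow.c -o pal_overflow */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Bit depths named after the advisory's PAL1/PAL2/PAL4 formats (assumed enum). */
enum pal_depth { PAL1 = 1, PAL2 = 2, PAL4 = 4 };

/* Policy cap on pixel count (an assumed value, not a libsixel constant). Even when
 * the arithmetic cannot wrap, refusing absurd sizes stops a crafted header from
 * forcing a multi-gigabyte allocation. */
#define MAX_PIXELS ((size_t)1 << 28)

/* Vulnerable pattern: width * height * 3 computed in int. The product is formed
 * in unsigned and cast back so the wrap is observable without signed-overflow UB;
 * on two's-complement targets this is what the naive `int size = w * h * 3;`
 * yields in practice. The caller then does malloc(size) and indexes with it. */
int vulnerable_rgb888_bytes(int width, int height)
{
    unsigned int pixels = (unsigned int)width * (unsigned int)height;
    return (int)(pixels * 3u);   /* may be small-positive (undersized) or negative */
}

/* Hardened form: reject non-positive dimensions, multiply in size_t with overflow
 * detection, and apply the policy cap before anything is allocated. */
int safe_rgb888_bytes(int width, int height, size_t *out_bytes)
{
    size_t pixels, bytes;
    if (width <= 0 || height <= 0)
        return -1;
    if (__builtin_mul_overflow((size_t)width, (size_t)height, &pixels))
        return -1;
    if (pixels > MAX_PIXELS)
        return -1;
    if (__builtin_mul_overflow(pixels, (size_t)3, &bytes))
        return -1;
    *out_bytes = bytes;
    return 0;
}

/* Expand packed palette indices (rows padded to whole bytes, MSB first, as PNG
 * stores them) into RGB888. Returns a malloc'd buffer of exactly *out_bytes
 * bytes, or NULL on any size, input-length or palette-index failure. */
uint8_t *pal_to_rgb888(const uint8_t *src, size_t src_len, int width, int height,
                       enum pal_depth depth, const uint8_t palette[][3],
                       size_t palette_len, size_t *out_bytes)
{
    size_t bytes, stride, x, y;
    uint8_t *dst;
    if (safe_rgb888_bytes(width, height, &bytes) != 0)
        return NULL;
    stride = ((size_t)width * depth + 7) / 8;   /* cannot wrap: width*height already capped */
    if (stride * (size_t)height > src_len)      /* truncated input */
        return NULL;
    dst = malloc(bytes);
    if (dst == NULL)
        return NULL;
    for (y = 0; y < (size_t)height; y++) {
        const uint8_t *row = src + y * stride;
        for (x = 0; x < (size_t)width; x++) {
            size_t bit = x * depth;
            unsigned idx = (row[bit / 8] >> (8 - depth - bit % 8)) & ((1u << depth) - 1);
            if (idx >= palette_len) {           /* index past the palette: refuse, don't read OOB */
                free(dst);
                return NULL;
            }
            memcpy(dst + (y * (size_t)width + x) * 3, palette[idx], 3);
        }
    }
    *out_bytes = bytes;
    return dst;
}

/* Constructed sample input: one 8-pixel PAL1 row, 0xA5 = 1010 0101, two-colour palette. */
static const uint8_t SAMPLE_PAL1_ROW[1] = { 0xA5 };
static const uint8_t SAMPLE_PALETTE[2][3] = { { 0, 0, 0 }, { 255, 255, 255 } };

/* Convert the sample and return the red channel of pixel x, or -1 on failure. */
int sample_pixel_red(size_t x)
{
    size_t n = 0;
    uint8_t *rgb = pal_to_rgb888(SAMPLE_PAL1_ROW, sizeof SAMPLE_PAL1_ROW, 8, 1, PAL1,
                                 SAMPLE_PALETTE, 2, &n);
    int r = (rgb != NULL && x < n / 3) ? rgb[x * 3] : -1;
    free(rgb);
    return r;
}
```

Two inputs make the point. A 65536 x 65537 image needs about 12.9 GB of RGB888 but the int computation yields 196608 bytes, so malloc() succeeds and every subsequent write lands past the end of the buffer; a 46341 x 46341 image yields a negative size, which is the "negative pointer offset" case. The safe routine rejects both, the first at the policy cap on 64-bit hosts (and at the overflow check on 32-bit ones), the second the same way.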

Affected Version(s)

libsixel < 1.8.7-r1

CVSS v3.1

Score: 7.1 (HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High

Timeline

  • Vulnerability published: 14 April 2026

  • Vulnerability reserved